Custom Notification Transport

Last modified 23 Mar 2021 14:06 +01:00
Since 3.9
This functionality is available since version 3.9.

Imagine that you want to append all user password values (as soon as they are changed) as individual records to a CSV file.

It is possible to configure a notification to do so:

<notificationConfiguration>
     <handler>
        <customNotifier>
            <category>modelEvent</category>
            <focusType>UserType</focusType>
            <status>alsoSuccess</status>            <!-- avoid processing if there's an overall failure (e.g. password does not meet policy constraints) -->
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                        user = event.requestee?.resolveObjectType()
                        pwd = event.focusPassword
                        if (user != null &amp;&amp; pwd != null) {
                            m = new NotificationMessageType()
                            m.setBody(user.name.orig + ";" + pwd)             // record to be written to the file
                            m
                        } else {
                            null
                        }
                    </code>
                </script>
            </expression>
            <transport>custom:csv</transport>
        </customNotifier>
     </handler>
     <customTransport name="csv">
        <expression>
            <script>
                <code>
                    new File('data.csv').append(message.body+'\n')
                </code>
            </script>
        </expression>
     </customTransport>
</notificationConfiguration>

The first part i.e. <customNotifier> translates a modelEvent (after filtering out non-user related events and events that ended in a failure) into a notification message containing username;password value pair. This is the line that should be written to CSV file.

The second part i.e. <customTransport> writes the line into data.csv file.

Notes:

  1. The event.focusPassword method is present only in midPoint 3.9 and later. But other parts of this mechanism are present in midPoint 3.6.1 already.

  2. There’s a slight limitation of event.getFocusPassword() method: it cannot distinguish between "no change of password" and "password set to null value". A more elaborate analysis of model context would be needed if such a distinction was required.